🔥 3-day streak
Microsoft Identity and Access Administrator44 / 126
Question 44 of 126

Your organization wants a small team of identity engineers to manage the membership and settings of a specific set of highly sensitive groups that also carry role assignments. These groups are role-assignable (isAssignableToRole = true). You create a custom role with permissions to update group membership and assign it to the engineers scoped to those groups. However, the engineers report they cannot modify the membership of the role-assignable groups, even though they can manage other groups. What is the reason for this behavior?

Reviewed for accuracy · Report an issueNext question